Exhausting Russian Resources by Sanctioning Western Software

The Yermak-McFaul International Working Group on Russia Sanctions last month published its Working Group Paper #17: Exposing and Exploiting the Kremlin’s Software Networks and Dependencies, discussing the interconnected software infrastructure that sustains Russia’s illegal conflict in Ukraine and underscoring its associations with entities in nations that have enforced sanctions. The paper provides guidance for governments and companies in formulating sanctions proposals that will limit Russia’s access to Western software, ultimately increasing the cost of war for Moscow.

The Role of Western Technology

The paper’s key findings underscore the interdependence between the Russian software ecosystem and Western technology and the potential vulnerabilities countries that imposed sanctions on Russia after its invasion of Ukraine can exploit through additional targeted sanctions and regulatory measures.

1. The Russian military-industrial complex and law enforcement agencies heavily depend on a network of software systems, many of which receive indirect development and support from Western technology and expertise. This interconnected software landscape plays a vital role in both Russia’s military and civilian infrastructures.
2. There is a significant network of software that sustains Russia’s war in Ukraine. Despite the Kremlin’s attempts to reduce reliance on Western software for crucial systems, this transition is advancing slowly, presenting significant opportunities to hinder Russia’s military effectiveness and economic activities.
3. Detailed intelligence on the current state of the Russian software ecosystem supporting Russia’s actions in Ukraine highlights Russia’s persistent endeavors to diminish dependence on Western software through both substitution and illicit licensing of software products, creating an ongoing opportunity to utilize sanctions and regulatory channels to prohibit Western software providers from providing technical support and products to customers in the Russian Federation.
4. Imposing sanctions on Russian software developers, discontinuing updates and support by Western vendors, and introducing developer responsibility to hold IT companies and intermediaries accountable for providing products, licenses, technical support, updates, or related infrastructure enablers in Russia will have a significant impact on Russia’s ability to effectively continue its war on Ukraine.  

Ongoing Global Efforts

Global export control and sanctions efforts continue to evolve to hinder Russian access to western products. The US Commerce Department’s Bureau of Industry and Security (BIS) in October 2023 published a list in collaboration with the EU, Japan, and the UK, containing 45 high-priority items that pose the highest risk of being diverted illegally to Russia. The BIS stated that these items, which include integrated circuits and radio frequency transceiver modules, have been found in Russian missiles and drones used in Ukraine. These controls, coupled with the imposition and enforcement of sanctions and other restrictions against entities and individuals that facilitate Russia’s access to sensitive technologies, allow countries to adopt appropriate measures to counteract Russian evasion strategies. Adoption of recommendations in the Working Group paper will also help stymie Russia’s access to software products that allow it to manufacture munitions and military systems to aid its war in Ukraine.

• In addition to imposing sanctions on Russian software developers—especially those involved in the development of key software—and penalizing western vendors, IT companies, and intermediaries if they continue to provide licenses and support for Russia’s military and related software infrastructure, the Working Group recommends continuous monitoring to ensure compliance with sanctions and trade controls. In particular, the paper recommends indexing country-level exports based on pre-war demand figures to reduce the likelihood of circumvention of sanctions through a third country.
• Other recommendations include prohibiting Russian participation in international events, such as conferences, seminars, and other research events; preventing Russian companies and institutions engaged in software development from receiving grants from international foundations and private software investors; and developing a database of alternatives to Russian software.  

The connections between software developers and companies in countries that have imposed sanctions on Russia carry significant implications, suggesting that Western technology and expertise are indirectly supporting Russia’s military and civilian infrastructures. Russia’s slow progress in transitioning to domestic software and its ongoing attempts to reduce reliance on Western software create a continuing opportunity to use sanctions and regulatory channels to weaken Russia’s technological infrastructure.

• Significant advancements in Russia’s artificial intelligence sector—a strategic focus for the Kremlin—cannot happen without the support of western technologies, including software and hardware for state-of-the-art modeling and data processing, according to the report.
• Russian banks rely heavily on two core information systems: the Automated Banking System (ABS) and processing systems, according to the report, which also stresses that there are currently no specific import substitutions for these systems. Russian banks also predominantly use Oracle Database and Microsoft SQL Server. Since both companies have ceased business in Russia, critical vulnerabilities in Russian financial systems could be exploited to add pressure on the Russian government.
• Russia’s financial system largely depends on foreign equipment for information security and encryption, and transition to Russian equipment and software has been slow, underscoring an additional vulnerability. 

Technology firms and financial institutions should carefully monitor transactions between Russian companies and software service providers, as well as the regulatory developments that could impose further restrictions on their business with Russian customers and business partners. The Institute for Financial Integrity continuously monitors regulatory developments in the sanctions and trade control space, providing warnings, key takeaways, and insights into the continuously changing world that can impact US persons and entities.